1729 matches found
CVE-2025-8172
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit ha...
Code-Projects Voting System Injection Vulnerability
Voting System is an election system. Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for parameter ID in file /admin/votersedit.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
PHPGurukul Vehicle Parking Management System Injection Vulnerability
Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability: the parameter del in the file /admin/manage-incomingvehicle.php lacks validation of externally entered SQL statements. An...
CampCodes Advanced Online Voting System Injection Vulnerability
CampCodes Advanced Online Voting System is an advanced online voting system from CampCodes, Inc. An injection vulnerability exists in CampCodes Advanced Online Voting System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/votersdelete.php, resulting in...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-24388
A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allows parameter injection for an authenticated agent or admin user. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X, OTRS 2025.X, OTRS Community Edition: 6.0.x, Products based on the OTRS...
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
GHSA-7PR5-W74R-JJJ7 Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050
CVE-2025-6050 affects Mezzanine CMS versions before 6.1.1. The vulnerability is a Stored XSS in the admin interface caused by improper sanitization in the displayable_links_js path, where a blog post title containing malicious JavaScript is included in JSON responses served at /admin/displayable_...
PT-2025-25643 · Unknown · Mezzanine Cms
Name of the Vulnerable Software and Affected Versions: Mezzanine CMS versions prior to 6.1.1. Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. It exists in the displayable_links_js function, which fails to properly sanitize blog post titles before...
PT-2025-25548 · Otrs +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS versions prior to 8 OTRS Community Edition version 6.0.x Description: A vulnerability in the OTRS Admin Interface and Agent Interface allows parameter injection for an authenticated agent or admin user. This issue affects several version...